|
Lines 8866-8871
|
| 8866 |
</qandaentry> |
8866 |
</qandaentry> |
| 8867 |
|
8867 |
|
| 8868 |
<qandaentry> |
8868 |
<qandaentry> |
|
|
8869 |
<question id="extra-named-port"> |
| 8870 |
<para>My named is listening on port 53 and some other |
| 8871 |
high-numbered port? Named is vulnerable a lot, have I |
| 8872 |
been hacked?</para> |
| 8873 |
</question> |
| 8874 |
|
| 8875 |
<answer> |
| 8876 |
<para>No. FreeBSD 3.0 and later use a version of named that |
| 8877 |
uses a random high-numbered port for outgoing queries. If |
| 8878 |
you want to use port 53 for outgoing queries, either to |
| 8879 |
get past a firewall or to make yourself feel better, you |
| 8880 |
can use the following in |
| 8881 |
<filename>/etc/namedb/named.conf</filename> |
| 8882 |
|
| 8883 |
<programlisting> |
| 8884 |
options { |
| 8885 |
query-source address * port 53; |
| 8886 |
}; |
| 8887 |
</programlisting> |
| 8888 |
|
| 8889 |
<para>You can replace the * with a single IP address if you |
| 8890 |
want to tighten things further.</para> |
| 8891 |
|
| 8892 |
<para>Congratulations, by the way. It's good practice to |
| 8893 |
read your <command>sockstat</command> output and notice |
| 8894 |
odd things.</para> |
| 8895 |
</answer> |
| 8896 |
</qandaentry> |
| 8897 |
|
| 8898 |
|
| 8899 |
<qandaentry> |
| 8869 |
<question id="bpf-not-configured"> |
8900 |
<question id="bpf-not-configured"> |
| 8870 |
<para>Why do I get <literal>/dev/bpf0: device not |
8901 |
<para>Why do I get <literal>/dev/bpf0: device not |
| 8871 |
configured</literal>?</para> |
8902 |
configured</literal>?</para> |
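Review bot: The first <para> of the new answer (new lines 8876-8881, from "No. FreeBSD 3.0 and later" to the <filename>/etc/namedb/named.conf</filename> line) is never closed before <programlisting>, and the next <para> opens at 8889, so the entry is not well-formed; end that sentence with a colon and add </para> after the </filename> line. The answer also offers "query-source address * port 53;" as something to do "to make yourself feel better" without saying what it costs: a fixed source port gives up the random outgoing port described in the sentence before it, and that port is one of the values a spoofed reply has to match. I would limit the advice to the firewall case and state that trade-off in the text. In the question, "Named is vulnerable a lot" would read better as something like "named has had a lot of vulnerabilities", with lowercase "named" to match the first sentence.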